1

Unfortunately I've gotten stuck on getting my app to use the TLS 1.2 protocol on Android versions < 5.0. I use the okhttp3 library for creating and firing up the proper requests. Everything works perfectly on devices running Lollipop+. I am building the OkHttpClient instance like this:

    SSLContext context = SSLContext.getInstance("TLS"); // tried TLSv1.2
    context.init(null, trustManagers, null);

    List<ConnectionSpec> specs = new ArrayList<>();
    specs.add(ConnectionSpec.MODERN_TLS);
    specs.add(ConnectionSpec.CLEARTEXT);

    OkHttpClient client = new OkHttpClient.Builder()
            .sslSocketFactory(new TlsSocketFactory(context.getSocketFactory()), (X509TrustManager) trustManagers[0])
            .connectionSpecs(specs)
            .build();

Inside the TlsSocketFactory class I set the enabled protocols:

    private Socket enableTLSOnSocket(Socket socket) {
        if (socket != null && (socket instanceof SSLSocket)) {
            ((SSLSocket) socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
        }
        return socket;
    }

After executing the request I get this issue:

javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x67531570: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:744 0x5dfc97e8:0x00000000)

I have done a lot of research about this kind of issue, but unfortunately none of the presented solutions did the trick. I have already tried:

  • Installing proper security provider link
  • Creating TLSSocketFactory class (similar is presented here: link)
  • Creating NoSSLv3SocketFactory class (presented as solution here: link)
  • Checking if the server uses proper ciphers (and it does)

The curious thing is that calling getSupportedSSLParameters().getProtocols() returns [SSLv3, TLSv1, TLSv1.1, TLSv1.2], but calling getDefaultSSLParameters().getProtocols() returns only [SSLv3, TLSv1]. Do you guys have any ideas about this problem?

J.fr
  • 171
  • 2
  • 12

1 Answer

2

Replace MODERN_TLS with COMPATIBLE_TLS. That is necessary to enable obsolete TLS versions.

See OkHttp’s HTTPS page for details.

Jesse Wilson
  • 39,078
  • 8
  • 121
  • 128
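The following is an added example, not code from the question, the answer, or the OkHttp project. It puts the answer's advice (ConnectionSpec.COMPATIBLE_TLS) together with the asker's socket-factory approach in one runnable class: a delegating SSLSocketFactory that turns on TLSv1.2 (and TLSv1.3 where the provider supports it) on every socket it creates, and a client builder that only installs it on pre-Lollipop devices, where TLSv1.2 is supported but not enabled by default. The class and method names (Tls12Client, Tls12SocketFactory, buildClient, enableModernTls) are assumptions; the trust manager is the platform default rather than the asker's trustManagers array.

```java
import android.os.Build;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionSpec;
import okhttp3.OkHttpClient;

/** Added example (hypothetical class names): OkHttp client that speaks TLS 1.2 on Android < 5.0. */
public final class Tls12Client {

    /** Delegating factory that enables TLS 1.2+ on each SSLSocket the platform factory creates. */
    public static final class Tls12SocketFactory extends SSLSocketFactory {
        // Protocols we want enabled; TLSv1.3 is only kept if the provider actually supports it.
        private static final String[] WANTED = {"TLSv1.3", "TLSv1.2"};
        private final SSLSocketFactory delegate;

        public Tls12SocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

        @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
        @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }

        @Override public Socket createSocket() throws IOException {
            return enableModernTls(delegate.createSocket());
        }
        // This overload is the one OkHttp uses: it wraps an already-connected plain socket.
        @Override public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
            return enableModernTls(delegate.createSocket(s, host, port, autoClose));
        }
        @Override public Socket createSocket(String host, int port) throws IOException {
            return enableModernTls(delegate.createSocket(host, port));
        }
        @Override public Socket createSocket(String host, int port, InetAddress local, int localPort) throws IOException {
            return enableModernTls(delegate.createSocket(host, port, local, localPort));
        }
        @Override public Socket createSocket(InetAddress host, int port) throws IOException {
            return enableModernTls(delegate.createSocket(host, port));
        }
        @Override public Socket createSocket(InetAddress host, int port, InetAddress local, int localPort) throws IOException {
            return enableModernTls(delegate.createSocket(host, port, local, localPort));
        }

        /** Intersects the wanted protocols with what the provider supports, so no unsupported name is set. */
        static Socket enableModernTls(Socket socket) {
            if (socket instanceof SSLSocket) {
                SSLSocket ssl = (SSLSocket) socket;
                List<String> supported = Arrays.asList(ssl.getSupportedProtocols());
                List<String> enabled = new ArrayList<>();
                for (String p : WANTED) {
                    if (supported.contains(p)) enabled.add(p);
                }
                // Leave the platform defaults alone if the provider offers nothing newer than TLSv1.
                if (!enabled.isEmpty()) ssl.setEnabledProtocols(enabled.toArray(new String[0]));
            }
            return socket;
        }
    }

    /** Builds a client using the platform trust store and COMPATIBLE_TLS, as the answer recommends. */
    public static OkHttpClient buildClient() throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null KeyStore = the system CA store
        X509TrustManager trustManager = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { trustManager = (X509TrustManager) tm; break; }
        }
        if (trustManager == null) throw new IllegalStateException("no X509TrustManager available");

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] {trustManager}, null);

        OkHttpClient.Builder builder = new OkHttpClient.Builder()
                .connectionSpecs(Collections.singletonList(ConnectionSpec.COMPATIBLE_TLS));

        // Lollipop and newer already enable TLSv1.2 by default; only older devices need the wrapper.
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {
            builder.sslSocketFactory(new Tls12SocketFactory(context.getSocketFactory()), trustManager);
        }
        return builder.build();
    }
}
```

OkHttp applies a ConnectionSpec by intersecting the spec's TLS versions with the socket's enabled protocols, so the wrapper above narrows the connection to TLSv1.2+ even though COMPATIBLE_TLS itself permits older versions. The asker's ConnectionSpec.CLEARTEXT entry is left out here so the client only accepts https:// URLs; add it back to the list if the app also has to fetch plain http:// resources.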